Please contact CFRG Chairs (Nick Sullivan nick@cloudflare.com, Alexey Melnikov alexey.melnikov@isode.com and Stanislav Smyshlyaev smyshsv@gmail.com) or the CFRG Secretary (Christopher wood caw@heapingbits.net) to request a review. Also contact them if you want to be added to the Crypto Review Panel.
The work in the Crypto Panel is organized using the mailing list, the archive of the Crypto Panel list is public.
Crypto Review Panel operates in a way similar to an IETF Directorate. However from time to time CFRG Chairs might use Crypto Review Panel in different ways (e.g., like during the PAKE selection process) after consultations on the CFRG mailing list.
CFRG is a volunteer-led activity that currently relies on the goodwill of its participants to provide review of documents. This can result in documents not receiving enough scrutiny, or examination only being forthcoming over an unacceptably long period of time. Also, there is lack of consistency between reviews of different documents.
The CFRG Review Panel will ensure that CFRG chairs have at their disposal sufficient resources and lightweight processes to provide critical, objective, timely and consistent review of cryptographic algorithms in IRTF and IETF documents.
The recommendations coming out of panel reviews will not be binding on CFRG, but are intended to provide high-quality input to augment the usual development process for CFRG drafts.
Reviews will identify issues - both security issues and deployment issues - but not necessarily low-level nits and typos. Reviews will also identify relevant research, or the need for further research.
When CFRG chairs decide that a document would benefit from a panel review, they will select one or more reviewers and request a review within a given time period (typically 2 to 4 weeks). Reviews will be made public via the CFRG mailing list; private discussion between reviewers, authors and CFRG chairs may also take place.
A document's authors may identify conflicts and conflicts of interest with particular panel members. Such conflicts should be notified to the CFRG chairs by the authors (or panel members) when the chairs initiate the review process.
Not every CFRG draft needs to be reviewed by the panel; documents that are not CFRG drafts may also be reviewed by the panel.
The CFRG chairs will make appointments to the Review Panel. The panel will be composed of 6-8 members; it may be increased in size by the CFRG chairs should the number of documents to review necessitate the increase.
Reviewers will be appointed to the panel for a period of 2 years, renewable. The CFRG chairs will endeavour to ensure that the Review Panel has a balanced composition covering the main technical areas of relevance to CFRG. Individuals may self-nominate or nominate others for panel membership.
Being a panel member represents a commitment to review documents in a timely and thorough fashion; reviewers' panel membership will be rescinded at the discretion of the CFRG chairs.
| Name | Affiliation |
|---|---|
| Scott Fluhrer | Cisco |
| Russ Housley | Vigil Security |
| Bjoern Tackmann | DFINITY Foundation |
| Chloe Martindale | University of Bristol |
| Julia Hesse | IBM Research |
| Karthikeyan Bhargavan | |
| Thomas Pornin | NCC Group |
| Jean-Philippe Aumasson | Teserakt |
| Jon Callas | |
| Virendra Kumar | Qualcomm Technologies |
| Ludovic Perret | CryptoNext Security, Sorbonne University |
https://github.com/cfrg/pake-selection
| Name | Affiliation |
|---|---|
| Scott Fluhrer | Cisco |
| Russ Housley | Vigil Security |
| Bjoern Tackmann | DFINITY Foundation |
| Chloe Martindale | University of Bristol |
| Julia Hesse | IBM Research |
| Karthikeyan Bhargavan | |
| Thomas Pornin | NCC Group |
| Jean-Philippe Aumasson | Teserakt |
| Jon Callas |
| Name | Affiliation |
|---|---|
| Scott Fluhrer | Cisco |
| Pierre-Alain Fouque | |
| Russ Housley | Vigil Security |
| Tibor Jager | |
| Yaron Sheffer | Intuit |
| Stanislav Smyshlyaev | CryptoPro |
| Bjoern Tackmann | IBM Research |